On Mon, Dec 8, 2025 at 5:56 PM Amit Langote <[email protected]> wrote: > > On Thu, Dec 4, 2025 at 2:23 AM Ashutosh Bapat > > In your commit message: > > 4. We have not implemented security definer property graphs since > SQL/PGQ standard does not mention those. > > My reading of the access rules is that, from the caller’s point of > view, the standard expects behavior that is quite close to > security-definer semantics -- once the session user has SELECT on the > property graph, they do not need privileges on the element tables. Is > that also how you read it, or do you see the standard as intentionally > leaving room for invoker semantics like you've currently implemented? >
The standard specifies that in order to reference a property graph in the query, the query invoker has to have SELECT privileges on the property graph. I am not able to find a specification which answers: who's privileges should be used to access the underlying tables. So I can't say whether it's close to security-definer semantics or not. I also can not infer any intent. But as I have explained above, security-definer semantics seem to be too dangerous to implement. But may be there's some other safe interpretation of standard specification, which I am missing. -- Best Wishes, Ashutosh Bapat
